FileVault2 Encryption fails when domain mobile account is used.
Local administrator account is able to force the encryption just fine.
Issue is presented on machine running macOS High Sierra
pma_agent.log file on affected machine contains following entries:
/FileVaultUtils:1001:1153/ Command is failed : /usr/bin/fdesetup [enable -inputplist -outputplist] /FileVaultUtils:1001:1153/ ExitCode : 38 /FileVaultUtils:1001:1153/ ErrorCode : 5
Attempt to turn on FileVault2 encryption manually from System Preferences - Security & Privacy using domain mobile account will result in following error:
Authentication server refused operation because the current credentials are not authorized for the requested operation.
Domain mobile account can no longer be used to force FileVault2 encryption on Macs running High Sierra. This limitation was implemented with one of recent macOS High Sierra updates. More information can be found in KB article from Apple Support
There is no possibility to bypass this limitation when using Parallels Mac Management hence starting from macOS High Sierra only local administrator accounts should be used to enable FileVault2 encryption on the Mac running macOS High Sierra